server {
    listen                    80 default_server;
    listen                    [::]:80 default_server;
    server_name               _;
    access_log                off;
    error_log                 off;
    return                    301 https://$host$request_uri;
}

server {
    listen                    443 ssl;
    listen                    [::]:443 ssl;
    server_name               _;

    ssl                       on;
    ssl_certificate           /etc/nginx/conf.d/{{ luna_ssl_certificate | default('jumpserver.crt') }};
    ssl_certificate_key       /etc/nginx/conf.d/{{ luna_ssl_certificate_key | default('jumpserver.key') }};

    ssl_session_timeout       1h;
    ssl_session_cache         shared:SSL:10m;
    ssl_protocols             TLSv1.3 TLSv1.2 TLSv1.1;
    ssl_ciphers               EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size      100m;  # 录像及文件上传大小限制。

    location /luna/ {
        try_files             $uri / /index.html;
        alias                 /opt/luna/;  # luna 路径，如果修改安装目录，此处需要修改。
    }

    location /media/ {
        add_header            Content-Encoding gzip;
        root                  /opt/jumpserver/data/;  # 录像位置，如果修改安装目录，此处需要修改。
    }

    location /static/ {
        root                  /opt/jumpserver/data/;  # 静态资源，如果修改安装目录，此处需要修改。
    }

    location /socket.io/ {
        proxy_pass            http://127.0.0.1:{{ coco_http_port }}/socket.io/; # 如果 coco 安装在别的服务器，请填写它的 ip。
        proxy_buffering       off;
        proxy_http_version    1.1;
        proxy_set_header      Upgrade $http_upgrade;
        proxy_set_header      Connection "upgrade";
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      Host $host;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log            off;
    }

    location /coco/ {
        proxy_pass            http://127.0.0.1:{{ coco_http_port }}/coco/;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      Host $host;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log            off;
    }

    location /guacamole/ {
        proxy_pass            http://127.0.0.1:{{ gcm_port }};  # 如果 guacamole 安装在别的服务器，请填写它的 ip。
        proxy_buffering       off;
        proxy_http_version    1.1;
        proxy_set_header      Upgrade $http_upgrade;
        proxy_set_header      Connection $http_connection;
        access_log            off;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      Host $host;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass            http://127.0.0.1:{{ jms_port }};
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      Host $host;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
